The following services allow managing token-authentication definitions at both the service component and property level (service component if no alias is provided, or a property when an alias has been specified).
Token authentication allows you to protect content from URL tampering or unauthorized re-use or re-publication via email forwarding or deep linking to content. Using shared secrets defined in the tokens, a URL signature appended to the query string of the resource URL can be validated by the CDN before serving content without contacting your environment for authentication.
Up to 10 token definitions can be defined at the service component and each property level. A token definition is defined by a unique ID, represented by an integer between 0 and 9, a string representing the secret, and an optional start and end time stamp. Time stamps are given in UNIX epoch format, for example 145251839. The time stamps define a period for which the token will be in effect.
Because resources are cached by URL and the use of token authentication requires insertion of query string parameters into the request URL, Query String Handling Mode should also be implemented as appropriate. Typically, the token parameters (stime, etime, encoded) should be excluded from the cached resource URL.